Splunk for VMware

Follow the whole virtualization stack

Splunk for Server Virtualization, an application built on the Splunk IT Search platform, lets you navigate the whole virtual stack all from one place.

Get a comprehensive view of 100% of your IT data - server, hypervisor, VM, guest OS, applications, network, and increase visibility even with the greater complexity of virtualized environments. Optimize your initial planning and ongoing use of virtualization.

The old way: Virtualization adds complexity and uncertainty.

The nirvana associated with virtualization often obscures the challenges it creates. With virtualization, applications behave unpredictably fighting for resources on the same physical host. And the data needed to diagnose these problems is scattered and often lost as VMs are redeployed. Existing tools built for relatively stable dependencies can't keep up. New tools to monitor the hypervisor and virtual machines cannot see the resident guest operating systems or applications. This complexity makes it almost impossible to correlate activity and performance at the application level with resource utilization and performance down to the bare metal.

The new way: Visibility into the complete virtual stack.

Splunk correlates data across tiers in the virtual stack—both inside and outside the VM to give you the complete picture. Now you can index all your IT data across every tier - the physical servers, hypervisor, VMs, and deployed applications, capturing and persisting 100% of your data in real time. Powerful search and navigation lets you trace performance problems and errors across components. Visibility across VMs highlights resource competition issues. Flexible alerting and reporting give you continuous visibility and monitoring of changing virtual environments. Whether you're testing a new virtualization rollout or managing an existing infrastructure, Splunk puts you back in control.

Using Splunk for Server Virtualization

Virtualization Planning

Splunk helps with planning even before the first hypervisor is loaded. Use Splunk reports for historical app and OS activity and utilization to identify good targets for virtualization. Splunk shows you a historical view of the apps with spiky workloads and the hosts with underutilized available resources, helping you marry the tasks and resources faster, instead of guessing through your first deployments.

Workload Optimization

Once your virtualization environment is running, Splunk helps you optimize it. Use reports in Splunk across all tiers to track actual utilization and application performance to identify both application contention issues and lingering resource inefficiencies.

Performance Monitoring

Splunk acts as a great monitoring tool since it indexes 100% of your IT data - inside and outside of your virtualization environment. You can schedule searches and alerts in Splunk to generate alarms on performance thresholds based on data gathered from the VMware API and Citrix Xen Management API about the guests, physical hosts, and virtual and physical network interfaces. Splunk also includes pre-built searches and reports that monitor key virtualization metrics. Splunk can alert you when your VMs or guest OSs are short on free memory for too long. You can extend monitoring based on the outcome of root cause analysis: schedule alerts via email, warnings via RSS, or send events to consoles and ticketing systems.

Root Cause Analysis

Splunk is the answer when IT asks, "Where did that instance go?". Use Splunk to index IT data historically from all tiers as instances come and go to do root cause analysis. Then tie real application errors and perf problems to information about the state of the underlying VM and other guests. Even if the environment changed between the problem occurring and the investigation beginning, Splunk still indexed it, and can help you solve it. Take a common scenario: users complain about intermittent CRM app performance issues. Splunk can pinpoint the exact times and application server instances where performance fell below a threshold, then correlate it with configuration history captured from the virtualization platform APIs. Now you know which other guests shared the same physical hosts, can identify the I/O utilization hog, and even trend the I/O utilization of all of the guests over time.

Log Management

Splunk closes the gap in meeting log management requirements in virtualized environments. Unlike traditional log management solutions, Splunk securely and remotely captures all IT data in real time, even application log files, so you can meet log centralization and monitoring requirements even for applications deployed on transient virtual hosts.

Features

Only Splunk provides a holistic view across virtualization platform metrics and configuration with the logs, configurations and metrics from guest operating systems and applications.

Index

• Connects to VMware, Citrix XenServer and Hyper-V Management APIs to collect metrics and configuration data
• Remotely indexes all of the logs, metrics and configurations from apps and OS within guests

Search

• Pre-defined searches accelerate troubleshooting across dynamic virtual environments
• Instantaneous freeform search across all IT data across apps, guests, VMs, physical host and the network

Alert

• Pre-defined alerts notify administrators of common performance and resource contention issues
• Root cause investigation searches can be saved as new alerts to improve monitoring coverage over time
• Automated actions using management APIs

Report

• Pre-defined reports and dashboards provide management visibility into workload and service levels within virtualized environments
• Custom and ad-hoc reports can be created easily
• No schema to maintain. Identify fields and report on identified fields on the fly

Share

• Users can collaboratively build and share knowledge about IT data unique to virtualized environments

Secure

• User-controlled access to Splunk index, easily audited